Curated Content | Thought Leadership | Technology News

Another Update on Okta’s Latest Breach: From 1% to 100%

New information released.
Emily Hill
Contributing Writer

In previous articles by The National CIO Review, we covered Okta’s latest breach. As more information was slowly released to the public, additional details were revealed and the breach appears to be more far-reaching than initially reported.

So what is the cloud company’s update now? And is the public getting the whole story this time?

A Refresh:

In October of this year, Okta disclosed that its customer support system was infiltrated. They shared that, fortunately, only less than 1% of clients were impacted. Attackers used stolen login credentials to access an Okta support account, enabling them to pilfer cookies and session tokens used by customer support providers for troubleshooting. However, companies like 1Password, BeyondTrust, and Cloudflare detected and blocked these intrusions before customers were affected

In early November, Okta released more information to the public regarding the breach and shared that it originated from the compromise of an Okta employee, who inadvertently logged into the service account while using their personal Google profile in Chrome on an Okta-managed laptop. This lapse in security allowed the attacker to gain access to the service account credentials, although the precise method remains unclear.

The New Scoop

While Okta previously believed that only around 200 clients were affected by the breach, new reports expose that all of the firm’s customer support users were impacted. They shared a letter to their clients disclosing the news and said that as of now, there is no direct evidence of the hackers using the extracted data to target customers. As they uncover more information with a digital forensics team they will update their customers.

The broader breach has increased vulnerabilities for clients, leaving them susceptible to heightened cyberattacks or phishing scams. On the bright side, Okta’s customers with the Department of Defense claim to be unaffected by the incident. However, guards are still up as customers worry about what malicious actors could potentially leverage from the compromised access and data obtained.

The Wrap

Since the original disclosure of this hack, the company has lost over $2 billion in market capitalization. Because of the business Okta is in, they are an easy, high-profile, target. In addition to this, their failure to disclose the breach originally has customers, security experts, industry observers, and the public alarmed.

Go Deeper –> Okta hackers stole data on all customer support users in major breach – CNBC

You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.